Security Rule Update Delayed: The likely effective date of the proposed revisions to the HIPAA Security Rule to increase encryption, MFA, and other security safeguard requirements has been pushed back. The Notice of Proposed Rule Making was published January 2025, and HHS had indicated that it would likely be announced as final (possibly with some tweaks) in May 2026. I was always doubtful of that, and now HHS has announced that the rule will likely be finalized in one year's time.
Note that many providers and other covered entities objected to the new rules, which will certainly add costs and burdens to them. However, given the high level of cyber threats against the healthcare industry, I would be surprised if we did not eventually see some tightening of the screws, by increased enforcement if not by changes in the rules.
If you're in San Antonio today, come by the Convention Center at 10 am and hear Cheryl Camin Murray and me talk all about it.